Update oqs-provider scripts for R4 #165
base: master
Just added the current (limited) set of certificates that the script currently generates, see f772596
@johngray-dev @praveksharma @ounsworth @feventura can I ask your feedback on this?
Thank you for updating this @romen! The new r4 scripts look good to me. I was wondering whether it would be easier to just remove Sphincs and Dilithium since other providers aren't submitting artefacts for those anymore. Looks like oqsprovider is behind on SLH-DSA, ML-DSA, and the CMS artefacts. Am I missing anything?
Yes, oqsprovider is behind on everything... If you look at the automated results matrix it essentially shows everyone as partial validation because oqs fails on everything... Even the OQS composite signatures implementation is behind.
I was just going off of algorithm availability. This table doesn't include OQS results because it hasn't been updated with the results from this branch. Am I looking at the table?
This isn't exactly surprising as the underlying
That is surprising given open-quantum-safe/oqs-provider#549. --> Which code version is being used in these tests? Has anyone created a current dockerfile with code from "main" for these tests as I did a long time ago in preparation for a hackathon? If it's still that old image run, failing interop is rather logical :-) @praveksharma ?
The artifacts in this PR have been generated using
Which reports:

```
$ OPENSSL_CONF=/dev/null openssl list -provider oqsprovider -providers -verbose
Providers:
oqsprovider
name: OpenSSL OQS Provider
version: 0.7.1-dev
status: active
build info: OQS Provider v.0.7.1-dev (8680f17) based on liboqs v.0.11.1-dev
gettable provider parameters:
name: pointer to a UTF8 encoded string (arbitrary size)
version: pointer to a UTF8 encoded string (arbitrary size)
buildinfo: pointer to a UTF8 encoded string (arbitrary size)
status: integer (arbitrary size)
```
To be fair, we did just publish draft-lamps-composite-signatures-03 on October 21st. I don't think Felipe has had time to update it yet. It does require use of the ML-DSA context, so ML-DSA would need to be officially supported before composite signatures can be updated. Thanks for all the work you do to make this available to us!
This LGTM. Are there any outstanding items that need to be addressed prior to merging?
Thanks @CBonnell! Looking at the CI artifacts, it seems we are not getting results/failures on the compat matrix output for all the algs, am I missing something or reading the output in the wrong way?
For example in the
Hi @romen, I think what you are seeing is correct. There are no r4 artifacts in the https://github.com/IETF-Hackathon/pqc-certificates/tree/master/providers/oqs-provider directory, so oqsprovider will not appear in the top-level table of producers.
Here is my attempt at fixing the contents of the `oqs-provider` provider.

- `generate` and `verify`
- `gen.sh`, `check.sh` and the R3 versions from `oqs-openssl111`
- `oqs-openssl111` are using config files which load providers, so I am not sure they work at all against the OQS OpenSSL 1.1.1 fork, so maybe that folder also needs some maintenance
- `gen_r4.sh` and `check_r4.sh`, adhering to the new format
- `artifacts_certs_r4.zip` with the (currently limited) set of certificates that `gen_r4.sh` generates

Please provide feedback so I can improve the quality of this PR.